pub fn sql_adjacent_string_concat(payload: &str) -> String

SQL adjacent-string-literal concatenation: every 'string' literal of length ≥ 2 is rewritten as a sequence of single-character adjacent literals, e.g. 'admin' → 'a' 'd' 'm' 'i' 'n'.

Bypass mechanism: The SQL standard (ANSI SQL-92 §5.3) specifies that two adjacent character-string literals separated only by whitespace are concatenated by the parser. MySQL, Postgres, SQLite, Oracle, DB2 all implement this. WAF rules that match the literal substring of well-known credentials or paths (e.g. 'admin', '/etc/passwd') see N unrelated single-character strings instead of one token. The database rejoins them at parse time, with no comments, no CONCAT calls and no special functions: pure SQL semantics.

Idempotent: every output sub-literal has length 1, below the split threshold, so a second pass leaves the output unchanged.

Context: Effective against any byte-pattern WAF inspecting SQL bodies. Inert outside SQL context (won't fire on non-quoted payloads).
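
Defensive counterpart, added here as an example and not part of the documented crate: rejoin whitespace-separated adjacent literals in a SQL body before byte-pattern rules run, so a rule for 'admin' matches the value the database will see. The function name collapse_adjacent_literals and the sample input are assumptions; only single-quoted literals with '' escapes are handled.

```rust
// Added example (hypothetical helper, not the crate's API): canonicalise SQL text for matching.
/// Merge single-quoted literals separated only by whitespace into one literal.
/// A doubled quote ('') inside a literal is kept as an escaped quote.
pub fn collapse_adjacent_literals(sql: &str) -> String {
    let chars: Vec<char> = sql.chars().collect();
    let mut out = String::with_capacity(sql.len());
    let mut i = 0;
    while i < chars.len() {
        if chars[i] != '\'' {
            out.push(chars[i]); // outside a literal: copy through
            i += 1;
            continue;
        }
        out.push('\''); // opening quote of a (possibly merged) literal
        i += 1;
        loop {
            // Copy the literal body up to its closing quote.
            while i < chars.len() && !(chars[i] == '\'' && chars.get(i + 1) != Some(&'\'')) {
                if chars[i] == '\'' {
                    out.push_str("''"); // escaped quote, two input chars
                    i += 2;
                } else {
                    out.push(chars[i]);
                    i += 1;
                }
            }
            if i >= chars.len() {
                return out; // unterminated literal: emit what was read
            }
            i += 1; // consume the closing quote
            let j = i + chars[i..].iter().take_while(|c| c.is_whitespace()).count();
            if j > i && chars.get(j) == Some(&'\'') {
                i = j + 1; // whitespace-only gap: continue the same literal
            } else {
                out.push('\'');
                break;
            }
        }
    }
    out
}

fn main() {
    let probe = "WHERE name = 'a' 'd' 'm' 'i' 'n'"; // constructed sample
    println!("{}", collapse_adjacent_literals(probe));
}
```

Run signature rules over the collapsed text as well as the raw body; literals separated by anything other than whitespace (for example a comma) are left untouched.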